Allied Telesis 86241-06 Instruction Manual
Simply connecting the world
Patch Release Note
Patch 86241-06
For Rapier Switches
Introduction
This patch release note lists the issues addressed and enhancements made in
patch 86241-06 for Software Release 2.4.1 on existing models of Rapier L3
managed switches. Patch file details are listed in Table 1.
This release note should be read in conjunction with the following documents:
■Release Note: Software Release 2.4.1 for Rapier Switches, (Document
Number C613-10338-00 Rev A) available from www.alliedtelesyn.co.nz/
documentation/documentation.html.
■Rapier Switch Documentation Set for Software Release 2.4.1 available on
the Documentation and Tools CD-ROM packaged with your switch, or
from www.alliedtelesyn.co.nz/documentation/documentation.html.
WARNING: Using a patch for a different model or software release may cause
unpredictable results, including disruption to the network. Information in this
release note is subject to change without notice and does not represent a
commitment on the part of Allied Telesyn International. While every effort has
been made to ensure that the information contained within this document and
the features and changes described are accurate, Allied Telesyn International
can not accept any type of liability for errors in, or omissions arising from the
use of this information.
Some of the issues addressed in this Release Note include a level number. This
number reflects the importance of the the issue that has been resolved. For
details on level numbers, please contact your authorised distributor or reseller.
Table 1: Patch file details for Patch 86241-06.
Base Software Release File 86s-241.rez
Patch Release Date 28-Feb-2003
Compressed Patch File Name 86241-06.paz
Compressed Patch File Size 369480 bytes
2Patch Release Note
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
Features in 86241-06
Patch 86241-06 includes all issues resolved and enhancements released in
previous patches for Software Release 2.4.1, and the following enhancements:
When more than two firewall policies were configured, an unexpected
switch restart sometimes occurred. This issue has been resolved.
Dynamic Port Security allows for dynamic MAC address learning on a
switch port. If a MAC address is unused for a period of time, it will be aged
from the database of currently accepted MAC addresses. This allows the
learning of new MAC addresses. Dynamic Port Security is useful because
port security allows the number of devices that are connected to a
particular switch port to be limited.
For more information on Dynamic Port Security, see “Dynamic Port
Security” on page 29 of this patch release note.
PIM join messages were being sent by a switch connected to an upstream
and a downstream switch or router in the same VLAN when a multicast
group had no members. This issue has been resolved.
The switch did not always advertise its preferred routes to destinations that
were affected by flapping routes. In these conditions, a BGP network does
not run efficiently. This issue has been resolved.
A switch port belonging to an enabled STP instance would not respond to
ARP requests if the port had been disabled from STP operation. This
prevented the flow of some types of traffic into affected switch ports. This
issue has been resolved.
When a connection is made by Telnet, or directly through the ASYN port, a
TTY session is created with:
■an idle timeout time. The default idle time is zero, which means the TTY
session will not time out if there is a lack of activity. If a TACACS+ server is
configured on the switch, and the idle time attribute value pair (AVP) is
configured on the TACACS+ server and is received by the switch, the value
of the idle time from the TACACS+ server is used to set the TTY session.
■a timeout of zero, which means that the TTY session will not time out. If a
TACACS+ server is configured on the switch, and the timeout attribute
value pair (AVP) is configured on the TACACS+ server and received by the
switch, the value of the timeout from the TACACS+ server is used to set
the TTY session timeout. After the timeout period has elapsed, the user
will either be disconnected by termination of their TTY connection (the
default setting), or have their privilege level reduced to USER (the lowest
privilege level). If the user’s privilege level is already at the lowest level,
then the user will be disconnected by termination of their TTY connection.
If the user’s privilege level is reduced, the TTY session timeout count is
reset to its initial value.
PCR: 02429 Module: IPG Level: 2
PCR: 02562 Module: SWI
PCR: 03042 Module: PIM Level: 3
PCR: 03044 Module: BGP Level: 2
PCR: 03048 Module: STP Level: 2
PCR: 03054 Module: TTY, TACPLUS
Patch 86241-06 For Rapier Switches 3
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
During an SSH session between the switch and the Secure CRT client, the
client did not receive a reply to its MAX-packet-size CMSG. The switch
does not support this message, but will now send a negative response to
satisfy the secure CRT client’s requirements.
The MIB objects ifTestTable and ifRcvAddressTable were incorrectly included
in the switch’s SNMP implementation. These have been removed.
When the TX cable was unplugged from a fibre port the operating status
was incorrectly reported as UP. This issue has been resolved.
When BGP imported other route types, it would advertise routes that had
nexthops of the BGP peers themselves. The BGP peers would reject these
routes and close the peering session, thus preventing the exchange of
routing information between BGP peers. This issue has been resolved.
The Import parameter of the ADD, SET, DELETE and SHOW BGP
commands now has an INTERFACE type. INTERFACE routes were
previously grouped with STATIC routes.
If the CREATE QOS POLICY command was executed with a range that had
a number more than four characters long, for example, CREATE QOS
POLICY=123-12345, then a switch restart occured. Anerrormessage is now
displayed if more than four numbers are entered for a range.
The SET USER command now requires the PASSWORD option if a
PRIVILEGE is specified. This enables privilege levels to be lowered from a
higher level (MANAGER, or SECURITY OFFICER), to USER.
An untagged packet would occasionally be sent on a tagged port. This issue
has been resolved.
When PIM was enabled, IGMP snooping would occasionally work
incorrectly. This issue has been resolved.
When interfaces with IGMP proxies were deleted, a software restart could
sometimes occur. This issue has been resolved.
PCR: 03056 Module: SSH Level: 3
PCR: 03064 Module: SNMP Level: 4
PCR: 03065 Module: SWI Level: 2
PCR: 03070 Module: BGP Level: 2
PCR: 03072 Module: BGP Level: 4
PCR: 03073 Module: UTILITY Level: 2
PCR: 03074 Module: USER Level:
PCR: 03081 Module: SWI Level:
PCR: 03082 Module: SWI Level:
PCR: 03087 Module: IPG Level:
4Patch Release Note
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
DHCP was assigning incorrect IP addresses to clients when they moved
from a relayed to a non-relayed range. Gateway checks have been added to
remove this issue.
Deriving the originating VLAN from incoming packets could, in some
circumstances, cause a software restart. This issue has been resolved.
The PING command when executed with the LENGTH and PATTERN
parameters could produce an ICMP echo packet with an incorrect ICMP
checksum. This issue has been resolved.
When an IP packet with an invalid TOTAL LENGTH field was received by
the CPU routing process, subsequent valid packets were dropped. This
issue has been resolved.
The mechanism for freeing discarded packets in Frame Relay and PPP
could, in some circumstances, cause a software restart. This issue has been
resolved.
The DISABLE MLDS command appeared twice in configuration files. This
issue has been resolved.
The ADD IP MVR command could cause a software restart. This issue has
been resolved.
TheADD IP MVRcommand parameter GROUP nowonly accepts multicast
addresses.
With DVMRP configured, the switch did not forward multicast data to
downstream interfaces on the same VLAN. This issue has been resolved.
DHCP clients that shifted between relayed ranges were not always
recognised, and were occasionally allocated incorrect addresses. This issue
has been resolved.
Invalid DVMRP prune messages could cause a software restart. This issue
has been resolved.
Adding a static ARP entry to a trunk group could cause a software restart.
This issue has been resolved.
PCR: 03100 Module: DHCP Level:
PCR: 03101 Module: IPG Level: 2
PCR: 03102 Module: IPG Level: 3
PCR: 03104 Module: IPG Level: 3
PCR: 03107 Module: FR, PPP Level: 2
PCR: 03108 Module: MLDS Level: 4
PCR: 03110 Module: IPG Level: 2
PCR: 03113 Module: DVMRP Level: 2
PCR: 03114 Module: DHCP Level: 3
PCR: 03121 Module: DVMRP Level: 2
PCR: 03122 Module: SWI Level: 2
Patch 86241-06 For Rapier Switches 5
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
After sending a DHCP NAK in response to a client’s DHCP REQUEST with
a bad lease time, the switch would fail to age out its corresponding DHCP
OFFER entry. This issue has been resolved.
The switch would disassert the AIS, IDLE, LOF and LOS alarms if the
defect conditions that had caused the alarm were disasserted, then
reasserted before the alarms had been disasserted. This issue has been
resolved.
When a static link local address was configured using the ADD IPV6
INT=xxx IP=yyy command, it was not reflected in the switch’s dynamic
configuration. Consequently, the command would be absent from the
switch’s configuration after CREATE CONFIG and switch RESTART
commands were executed. This issue has been resolved.
The ADD BGP PEER command MAXPREFIX parameter now has a default
of 24000, instead of OFF. Previously, with no maximum prefix checking by
default, if the switch received a very large number of prefixes from a BGP
peer, buffer exhaustion could result in a software restart.
The SHOW OSPF NEIGHBOUR command did not reflect a change made to
the router priority on a dynamic OSPF interface of a neighbouring router.
This issue has been resolved.
Link state advertisements could incorrectly show an area as a stub area.
This happened during the time when a Direct Route (DR) was removed
from a configuration and before a Direct Backup Route (BDR), or an Other
Direct Route (Other DR) was elected. This issue has been resolved.
Theswitch would floodDVMRP unicastmessages to allports inthe VLAN.
This issue has been resolved.
ICMP packets originating from the switch used the wrong Equal Cost
Multiple Path route. This issue has been resolved. Also, improvements have
been made to ensure that the ICMP packet will be transmitted over the best
available route. If the best route becomes unavailable, a new route will be
found, if available, so that the ICMP packet continues to reach the
destination address.
The ECPAC card was not working correctly. This issue has been resolved.
PCR: 03123 Module: DHCP Level: 3
PCR: 03125 Module: DS3 Level: 3
PCR: 03127 Module: IPV6 Level: 2
PCR: 03136 Module: BGP Level: 2
PCR: 03011 Module: OSPF Level: 3
PCR: 03035 Module: OSPF
PCR: 03045 Module: IPG, SWI Level: 3
PCR: 03046 Module: IPG Level: 3
PCR: 03051 Module: PCI Level: 2
6Patch Release Note
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
Features in 86241-05
Patch file details are listed in Table 2:
Patch 86241-05 includes all issues resolved and enhancements released in
previous patches for Software Release 2.4.1, and the following enhancements:
Support has been added for SNMPv2c.
SNMP responses will be sent in the same version format as the request
message. Minimal configuration is required to specify a SNMP format,
because this is decided on a message by message basis. The only thing you
need to specify is the version of SNMP received by trap hosts.
To create an SNMP community, use the command:
CREATE SNMP COMMUNITY=name [ACCESS={READ|WRITE}]
[TRAPHOST=ipadd] [MANAGER=ipadd]
[OPEN={ON|OFF|YES|NO|TRUE|FALSE}] [V1TRAPHOST=ipadd]
[V2CTRAPHOST=ipadd]
To add a trap host or management station to the previously created SNMP
community, use the command:
ADD SNMP COMMUNITY=name [TRAPHOST=ipadd] [MANAGER=ipadd]
[V1TRAPHOST=ipadd][V2CTRAPHOST=ipadd]
DS3 interface and board type support has been added. DS3 is now
supported over PPP and Frame Relay. DS3 MIB support has been added.
For moreinformation on DS3, see “DS3 Interfaces” on page 22 of this release
note.
This patch resolves issues that arose after previous modifications made
under this PCR number.
Sometimes IPv6 features did not enable correctly. Also, there were some
errors in the output from configuration commands. These issues have been
resolved.
IP packet throughput has been improved.
Table 2: Patch file details for Patch 86241-05.
Base Software Release File 86s-241.rez
Patch Release Date 17-Jan-2003
Compressed Patch File Name 86241-05.paz
Compressed Patch File Size 332388 bytes
PCR: 02315 Module: SNMP Network affecting: No
PCR: 02389 Module: DS3 Network affecting: No
PCR: 02414 Module: IPv6, SWI, IPG, VLAN Network affecting: No
PCR: 02560 Module: IPG, SWI, VLAN Network affecting: No
Patch 86241-06 For Rapier Switches 7
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
Debugging commands are now available for the RADIUS and TACACS
control protocols. Raw packets, decoded packets, and errors can now be
displayed.
Access control packet debugging allows the contents of the packets to be
viewed. The debugging commands allow both raw (hexadecimal dumps)
and/or decoded (human-readable) packet displays. Information on any
errors occurring in the transactions can be displayed once the appropriate
debugging command is issued.
Only users with SECURITY OFFICER privileges in system secure mode are able to
enable RADIUS and TACACS debugging.
The debugging commands are:
ENABLE RADIUS DEBUG={ALL|PKT|DECODE|ERROR} [,...]
ENABLE TACACS DEBUG={ALL|PKT|DECODE|ERROR} [,...]
DISABLE RADIUS DEBUG={ALL|PKT|DECODE|ERROR} [,...]
DISABLE TACACS DEBUG={ALL|PKT|DECODE|ERROR} [,...]
SHOW RADIUS DEBUG
SHOW TACACS DEBUG
The SET INSTALL command was generating an unwanted warning
message on Rapier iseries switches. This issue has been resolved.
Features in 86241-04
Patch file details are listed in Table 3:
Patch 86241-04 includes all issues resolved and enhancements released in
previous patches for Software Release 2.4.1, and the following enhancements:
Virtual interfaces were displayed incorrectly when VLANs were
multihomed. This issue has been resolved.
If the command ADD FIREWALL POLICY RULE SOURCEPORT=ALL was
executed, a value of “65535” was incorrectly displayed for the
SOURCEPORT parameter for that rule in the SHOW FIREWALL POLICY
command. This issue has been resolved.
PCR: 03002 Module: USER Network affecting: No
PCR: 03013 Module: INSTALL Network affecting: No
Table 3: Patch file details for Patch 86241-04.
Base Software Release File 86s-241.rez
Patch Release Date 15-Jan-2003
Compressed Patch File Name 86241-04.paz
Compressed Patch File Size 208232 bytes
PCR 02244 Module: UTILITY Network affecting: No
PCR: 02300 Module: Firewall Network affecting: No
8Patch Release Note
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
PIM was disabled permanently if the RESET IP command, or the DISABLE
IP command followed by the ENABLE IP commands were executed. PIM is
now automatically restarted if these commands are used.
Previously the SET FIREWALL POLICY RULE command permitted the use
of the GBLIP and GBLPORT parameters in ways that were not permitted by
the ADD FIREWALL POLICY RULE command. This caused problems
when a configuration file was generated because some of the illegal
parameters from the SET command were put into the ADD command. This
resulted in a configuration that contained illegal parameter combinations.
The restrictions placed on the GBLIP and GBLPORT parameters in the ADD
command have now been implemented in the SET command so that these
problems do not occur.
IP ARP packets that had invalid header values were erroneously accepted
by the router. Also, IP packets with a Class E source IP address were
erroneously fowarded. These issues have been resolved.
When the system time was set to a time that was before or significantly after
the current time, Firewall sessions were prematurely deleted. This issue has
been resolved.
If a problem occurred with NVS, some critical files were lost. As a result, the
equipment was forced to load only boot ROM software at boot time. This
patch combined with the new version of the boot ROM software (pr1-1.2.0
for the AR700 series) resolves this issue.
The ARP cache is now updated when a gratuitous ARP request or reply
packet is received.
The ADD IP ROUTE FILTER optional parameter INTERFACE caused the
filter to not work on the OSPF external LSA’s flooding.
The SHOW IP ROUTE FILTER interface name output was truncated to 6
characters. These issues have been resolved.
Executingthe PING command sometimescaused a memory leak. This issue
has been resolved.
The CREATE CONFIGURATION command inserted the IMTLEAVE
parameter into the configuration script when the IMTLEAVE parameter
was undefined. This caused an error in the configuration script. This issue
has been resolved.
PCR: 02340 Module: IPG Network affecting: No
PCR: 02356 Module: FIREWALL Network affecting: No
PCR: 02358 Module: IPG Network affecting: No
PCR: 02371 Module: FIREWALL Network affecting: No
PCR: 02400 Module:
CORE,FFS,FILE,INSTALL,SCR Network affecting: No
PCR: 02491 Module: IPG Network affecting: No
PCR: 02506 Module: OSPF IPG Network affecting: No
PCR: 02511 Module: Ping Network affecting: No
PCR: 02514 Module: IPG Network affecting: No
Patch 86241-06 For Rapier Switches 9
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
The DELETE IPV6 6T04 command sometimes caused an error. This issue
has been resolved.
The DECREMENT parameter of the ADD IPV6INTERFACE command was
not recognised in the command line. This issue has been resolved.
The SET QOS TRAFFICCLASS command now requires 7 characters to be
entered for the optional EXCEEDACTION and EXCEEDREMARKVALUE
parameters.
The ADD IPV6 HOST command was not accepting the INTERFACE
parameter when adding a host with a link-local address. This issue has been
resolved.
Under some circumstances, multiple default routes were created for
DVMRP. This issue has been resolved.
TCP did not send a TCP Reset message under some circumstances, for
example when the Telnet server was disabled. This issue has been resolved.
The source IP address is now checked correctly when subnet NAT is used
with standard, double, or reverse NAT. Previously, it was sometimes
possible to specify an IP address outside the allowable range.
The Firewall showed the wrong counters on Total Received Packets and
DroppedPacketsand displayedtwice the number of receivedpackets when
discarding packets from the public side. Also, when a Deny rule was
applied to the private side, the Number of Dropped Packets was always
zero. These issues have been resolved.
The SYN test did not operate successfully when patch 52241-03 was
installed. This issue has been resolved.
A fatal error occurred when an IPv6 packet with an invalid payload length
was received. This issue has been resolved.
When PPP was used over an L2TP tunnel, a speed of zero was shown for
the PPP interface on the LNS side, while the LAC side showed a non-zero
PCR: 02519 Module: IPv6 Network affecting: No
PCR: 02521 Module: IPv6 Network affecting: No
PCR: 02523 Module: QOS, UTILITY Network affecting: No
PCR: 02525 Module: TELNET, PING, IPV6,
TCP Network affecting: No
PCR: 02526 Module: DVMRP Network affecting: No
PCR: 02527 Module: TCP Network affecting: No
PCR: 02529 Module: FIREWALL Network affecting: No
PCR: 02532 Module: FIREWALL Network affecting: No
PCR: 02534 Module: TEST Network affecting: No
PCR: 02535 Module: IPV6 Network affecting: No
PCR: 02537 Module: L2TP Network affecting: No
10 Patch Release Note
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
PPP interface speed. This issue has been resolved so that the LNS side of the
PPP interface shows the correct speed.
The source mask is now always 0xffffffff in the DVMRP forwarding table.
The temporary route in the DVMRP route table was not displaying
correctly. This issue has been resolved.
An IGMP entry was erroneously added for the reserved IP address. This
issue has been resolved.
The TCP and UDP source and destination port parameters would accept
values of more than 65535. 65535 is now the maximum value for source and
destination ports. This complies with RFC768 for UDP and RFC793 for TCP.
TheSHOWIPV6 commands wereincorrectlyincludingRIPngdownroutes,
and routes on the sending interface. The IPv6 routing table now recognises
down routes.
BPDU messages are now sent to all active ports as soon as STP is enabled.
The ARP transmit counter total was not being incremented. This issue has
been resolved.
The standard subnet NAT rules on a private interface were not matching a
packet unless its source IP address was exactly the same as the IPADDRESS
value set for the rule, that is the NAT mask value was not being used. This
issue has been resolved.
Reserved multicast data was being duplicated. This issue has been resolved.
If ingress filtering was supported within trunk groups, ports with ingress
filtering enabled were erroneously added to thetrunk group. This issue has
been resolved.
Large RTSP continuation packets could cause a fatal error. This issue has
been resolved.
The SET CLASSIFIER and CREATE CLASSIFIER commands now display
the tagged and untagged parameters correctly when the PROTOCOL
parameter is set to IPX or 802.2.
An issue introduced in a previous patch with the SET IP ROUTE command
failing has been resolved.
PCR: 02538 Module: DVMRP Network affecting: No
PCR: 02539 Module: CLASSIFIER Network affecting: No
PCR: 02542 Module: IPV6 Network affecting: No
PCR: 02543 Module: SWI Network affecting: No
PCR: 02547 Module: IPG Network affecting: No
PCR: 02550 Module: FIREWALL Network affecting: No
PCR: 02551 Module: IPG Network affecting: No
PCR: 02552 Module: SWI Network affecting: No
PCR: 02564 Module: FIREWALL Network affecting: No
PCR: 02565 Module: CLASSIFIER Network affecting: No
PCR: 02572 Module: IPG Network affecting: No
Patch 86241-06 For Rapier Switches 11
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
Some change actions, and the resending of prune messages were not
operating correctly. This issue has been resolved.
The ADD FIREWALL POLICY and SET FIREWALL POLICY commands
did not generate a valid port list when the optional PORT parameter was set
to ALL. This issue has been resolved.
When OSPF was enabled on startup, an OSPF interface would sometimes
stay in the DOWN state. This issue has been resolved.
Features in 86241-03
Patch file details are listed in Table 2.
Patch 86241-03 includes all issues resolved and enhancements released in
previous patches for Software Release 2.4.1, and the following enhancements:
Incorrect ICMP checksums on incoming packets were not being recognised,
and packets with an odd byte size were erroneously being processed. These
issues have been resolved.
MLD snooping is now supported on AT-9800 Series Switches and Rapier i
Series Switches.
The ENABLE IPV6 MTUDISCOVERY and SET IPV6 MTU INTERFACE
commands were not displayed in the SHOW CONFIGURATION
DYNAMIC command. This issue has been resolved.
Link-local address behaviour was incorrect. Also, the PUBLISH parameter
was not updated by the SET IPV6 INTERFACE command, or displayed in
the SHOW IPV6 INTERFACE command. These issues have been resolved.
The board descriptions have changed for some instances of AT-9800 Series
Switches.
PCR: 02574 Module: DVMRP Network affecting: No
PCR: 02579 Module: FIREWALL Network affecting: No
PCR: 02587 Module: OSPF Network affecting: No
Table 4: Patch file details for Patch 86241-03.
Base Software Release File 86s-241.rez
Patch Release Date 26-Nov-2002
Compressed Patch File Name 86241-03.paz
Compressed Patch File Size 379165 bytes
PCR: 02314 Module: IPG Network affecting: No
PCR: 02414 Module: IPv6, SWI, IPG, VLAN Network affecting: No
PCR: 02426 Module: IPv6 Network affecting: No
PCR: 02428 Module: IPv6 Network affecting: No
PCR: 02467 Module: CORE Network affecting: No
12 Patch Release Note
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
After an ASYN port test, the port is now reset to its pre-test state if the test
was started by a user connected to the same ASYN port.
The following issues have been resolved:
• When equal paths exist to a source, a PIM DM downstream switch/
router could not correctly collect information from AssertSelection
between the upstream devices.
• If the Assert winner was another vendor’s device, The Allied Telesyn
device did not respond to the Prune message.
• Sometimes a receiver could not get a multicast data stream.
• Ifunicast routeswerechanged,multicast data streamssometimesfailed
to reach receivers or flowed incorrectly.
A fatal error occurred with IPv6 ping when an interface was plugged in and
unplugged repeatedly. This issue has been resolved. Also, the TrueMTU
value on a VLAN interface was incorrect. This value has been corrected to
1500.
Whenpinging anunreachablehost viaa switch,therewasa delaybeforethe
switch sent a DestinationUnreachable message. This issue has been resolved.
When the switch was under heavy learning load, some MAC address were
lost. This issue has been resolved.
It was possible to add the same IPv6 prefix to different IPv6 interfaces. This
issue has been resolved.
The ADD VLANRELAY and DELETE VLANRELAY commands returned
the wrong message if the command could not be processed. This issue has
been resolved.
The correct protocol number is now returned by VLAN Relay.
Some parameters in the SET IP IGMP command had incorrect ranges. This
issue has been resolved. The correct ranges are:
SET IP IGMP [LMQI=1..255] [LMQC=1..5] [QUERYINTERVAL=1..65535]
[QUERYRESPONSEINTERVAL=1..255] [ROBUSTNESS=1..5]
[TIMEOUT=1..65535]
PCR: 02469 Module: TM Network affecting: No
PCR: 02477 Module: IPG, PIM, SWI Network affecting: No
PCR: 02481 Module: IPv6 Network affecting: No
PCR: 02482 Module: IPG Network affecting: No
PCR: 02489 Module: SWI Network affecting: No
PCR: 02494 Module: IPv6 Network affecting: No
PCR: 02495 Module: VLAN Network affecting: No
PCR: 02498 Module: VLAN Network affecting: No
PCR: 02499 Module: IPG Network affecting: No
Patch 86241-06 For Rapier Switches 13
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
If multiple IPv6 interfaces shared the same link-local address, pings to the
link-local address sometimes failed. This issue has been resolved.
The source net mask has been removed from DVMRP prune, graft and
graft-ack messages.
Features in 86241-02
Patch file details are listed in Table 5:
Patch 86241-02 includes all issues resolved and enhancements released in
previous patches for Software Release 2.4.1, and the following enhancements:
IPX traffic passing between two switch instances using VLAN for Rapier48
now operates correctly.
Buffer leaks occurred when DNS relay was enabled. This issue has been
resolved.
Abufferleak occurredwhen alargenumber of flows (over 4000) were in use
and needed to be recycled. This issue has been resolved.
The EPORT parameter in the ADD SWITCH L3FILTER ENTRY and SET
SWITCH L3FILTER ENTRY commands was matching multicast and
broadcast packets with software filtering. This issue has been resolved.
Sometimes the retransmission of an FTP packet was not permitted through
the Firewall. This issue has been resolved.
VRRP returned an incorrect MAC address for an ARP request. This issue
has been resolved.
PCR: 02502 Module: Ping, IPv6 Network affecting: No
PCR: 02509 Module: DVMRP Network affecting: No
Table 5: Patch file details for Patch 86241-02.
Base Software Release File 86s-241.rez
Patch Release Date 25-Oct-2002
Compressed Patch File Name 86241-02.paz
Compressed Patch File Size 132368 bytes
PCR: 02103 Module: SWI Network affecting: No
PCR: 02210 Module: DNS Relay Network affecting: No
PCR: 02214 Module: IPG Network affecting: No
PCR: 02220 Module: SWI Network affecting: No
PCR: 02236 Module: FIREWALL Network affecting: No
PCR: 02245 Module: VRRP Network affecting: No
14 Patch Release Note
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
The virtual MAC address was used as the source MAC for all packets
forwarded on an interface associated with a Virtual Router (VR). This was
confusing when multiple VRs were defined over the same interface because
only one virtual MAC address was ever used. The other virtual MAC
addresses (for the other VR's) were only used if the source IP address
matched the VR’s IP address. To avoid this confusion, the system MAC
address is now always used unless the source IP address of the packet is the
same as the VR’s IP address.
When route aggregation was enabled, the atomic aggregate was not being
set. This issue has been resolved.
HTTP requests from a fixed IP address were erroneously reported as a host
scan attack in the Firewall deny queue. This issue has been resolved.
The following issues have been resolved:
• The RESET PIM INTERFACE=VLAN command was not working
correctly.
• Packets with Time to Live (TTL) set to less than 4 were not being
forwarded.
• VLAN tags were not being inserted into IP multicast packets on multi-
tagged ports.
• A fatal error occurred when PIM and RIP were both running.
ARL message interrupts have been re-enabled after a software table rebuild
to fix synchronisation of the software forwarding database with the
hardware table.
The CREATE CONFIG command did not save the SOURCEPORT
parameter to the configuration file when the low value of the source port
range was set to zero. This issue has been resolved.
Report sending and default routes were not working correctly. Also, the
SHOW CONFIGURATION DYNAMIC and SHOW
CONFIGURATION=DVMRPcommandswerenotworking correctly. These
issues have been resolved.
TELNET sessions are now closed with “^D” only when the session is in the
login state.
DHCP now processes Discover messages smaller than 300 bytes.
PCR: 02263 Module: VRRP Network affecting: No
PCR: 02267 Module: BGP Network affecting: No
PCR: 02268 Module: FIREWALL Network affecting: No
PCR: 02272 Module: IPG, PIM, SWI Network affecting: No
PCR: 02274 Module: TPAD Network affecting: No
PCR: 02276 Module: FIREWALL Network affecting: No
PCR: 02277 Module: DVMRP Network affecting: No
PCR: 02280 Module: TELNET, TTY Network affecting: No
PCR: 02291 Module: DHCP Network affecting: No
Patch 86241-06 For Rapier Switches 15
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
IPSec no longer logs packets that match an ACTION=ALLOW policy. The
overhead of this logging was affecting non-IPSec traffic.
The LOCALRSAKEY parameter in the CREATE ISAKMP POLICY and SET
ISAKMP POLICY commands was not accepting the value zero. This issue
has been resolved.
The PURGE IPSEC command caused a fatal error. This issue has been
resolved.
If a packet with a destination IP address equal to a VRRP IP address was
received when the router didn’t own the IP address, (because it didn’t have
an interface with that IP address) the router incorrectly tried to forward the
packet and send an ICMP “redirect” message to the source. Now, if such a
packet is received, it will be discarded and an ICMP “host unreachable”
message will be sent to the source.
If a DNS relay agent was configured with overlapping subnets, sometimes
the DNS server response was returned to the client with a source IP address
of an interface on the relay agent that was different from the interface the
request was received on. This issue has been resolved.
The default router lifetime value has been corrected. Also, the SET IPV6
INTERFACE command now updates valid and preferred lifetimes correctly.
When enabling or disabling feature licences, a message will now be
generated with a warning that changes to feature licences may not take
effect until after a reboot.
VRRP used the wrong source IP address in ICMP redirects. RFC 2338 states
that the source IP address of ICMP redirects should be the IP address that
the end host used when making its next hop routing decision. In the case of
a packet sent to a VRRP virtual MAC address, this is the primary VRRP IP
addressassociated with the MAC address, provided such a VR exists and is
in the master state. This issue has been resolved.
On models except Rapier iSeries Switches, the ENABLE STPDEBUG PORT
command did not work correctly. This issue has been resolved.
It was possible to set the trunk speed to10/100M, even if the port within the
trunk was not capable of this speed. This issue has been resolved.
PCR: 02292 Module: IPSEC Network affecting: No
PCR: 02294 Module: IKMP Network affecting: No
PCR: 02298 Module: IPSEC Network affecting: No
PCR: 02299 Module: VRRP Network affecting: No
PCR: 02301 Module: IPG Network affecting: No
PCR: 02302 Module: IPv6 Network affecting: No
PCR: 02303 Module: INSTALL Network affecting: No
PCR: 02304 Module: VRRP Network affecting: No
PCR: 02309 Module: STP Network affecting: No
PCR: 02311 Module: SWI Network affecting: No
16 Patch Release Note
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
The SHOW IPV6 INTERFACE command now shows the address lifetime
aging status that is determined by the DECREMENT parameter in the ADD
IPV6 INTERFACE command. The default valid and preferred address
lifetimes have been changed to 30 days and 7 days respectively.
The interface address preferred lifetime was not operating correctly. This
issue has been resolved.
A fatal error occurred when the command SET FR=0 LMI= was executed if
the LMI was already set to ANNEXA, ANNEXB or ANNEXD. This issue
has been resolved.
A fatal error occurred when a PING was executed over an IPV6 tunnel that
had previously been deleted. Also, packet forwarding with link-local
addresses was not working correctly. These issues have been resolved.
In some situations, multihomed interfaces caused the Firewall to apply
NAT and rules incorrectly when packets were received from a subnet that
was not attached to the receiving interface. This issue has been resolved.
BGP was not sending a withdraw message to a peer for a withdrawn or
replaced route when the new best route came from that peer. This issue has
been resolved.
A buffer leak was occurring in IPv6 fragmentation. This issue has been
resolved.
IP is now informed when an Ethernet interface goes up or down, after a 2.5
second delay.
The sequence number extracted from the AH and ESP header was in the
wrong endian mode, which caused an FTP error with IPSEC anti-replay.
This issue has been resolved.
It is now possible to set the domain name of the SMTP server to none
(0.0.0.0) with the SET FIREWALL POLICY SMTPDOMAIN command, even
if a server name has not previously been specified.
PCR: 02313 Module: IPV6 Network affecting: No
PCR: 02320 Module: IPV6 Network affecting: No
PCR: 02321 Module: FR Network affecting: No
PCR: 02326 Module: IPv6 Network affecting: No
PCR: 02327 Module: IPG/FIREWALL Network affecting: No
PCR: 02328 Module: BGP Network affecting: No
PCR: 02330 Module: IPv6 Network affecting: No
PCR: 02331 Module: IPG, ETH Network affecting: No
PCR: 02332 Module: IPSEC Network affecting: No
PCR: 02334 Module: FIREWALL Network affecting: No
Patch 86241-06 For Rapier Switches 17
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
The SHOW CLASSIFIER command was not displaying Layer 3 information
if the classifier had been created with the parameters ETHFORMAT=SNAP
and PROTOCOL={IP|0000000800}. This issue has been resolved.
When acting as a PPPoE Access Concentrator (AC), if a PPPoE client sent
discovery packets without the "host-unique" tag, the discovery packets sent
by the AC were corrupted. This issue has been resolved.
It is now possible to set a preference value for dynamically learned routes
based on their protocol using the command:
SET IP ROUTE PREFERENCE={DEFAULT|1..65535}
PROTOCOL={BGP-EXT|BGP-INT|OSPF-EXT1|OSPF-EXT2|OSPF-INTER|
OSPF-INTRA|OSPF-OTHER|RIP}
The CREATE CONFIGURATION command was not correctly generating
the DISABLE SWITCH HWFILTER and DISABLE SWITCH L3FILTER
commands. This issue has been resolved.
When the PAC card was under severe load, the related driver occasionally
did not fully transfer all result data from the chip. This caused an actCmdFail
error. This issue has been resolved.
In a previous patch, a fatal error occurred after a RESTART ROUTER
command was executed when using PPP over SYN. Also, on AR745
models, PPP was using an 8 MB boundary instead of a 16 MB boundary.
These issues have been resolved.
The following issues have been resolved:
• PIM was not sending Hello messages over a Frame Relay (FR) interface.
• A fatal error occurred if 64 was entered as the interface value in the
DESTROY FRAMERELAY command. The command now only accepts
0-63 for this parameter.
• The ADD FRAMERELAY DLC command incorrectly accepted a TYPE
parameter. Also, this command was not accepting the
ENCAPSULATION parameter.
• The CREATE CONFIGURATION command incorrectly generated the
CIR and CIRLIMITED parameters for the ADD FRAMERELAY DLC
command.
• FR interfaces with static DLCs were always shown as DOWN. The
status of the interface was not being updated when a circuit was added
to the interface.
PCR: 02335 Module: CLASSIFIER Network affecting: No
PCR: 02343 Module: PPP Network affecting: No
PCR: 02346 Module: BGP, IPG Network affecting: No
PCR: 02347 Module: SWI Network affecting: No
PCR: 02348 Module: ENCO Network affecting: No
PCR: 02354 Module: SCC, SYN, PPP Network affecting: No
PCR: 02357 Module: FR Network affecting: No
18 Patch Release Note
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
When an IP Multihomed interface was used as an OSPF interface,
neighbour relationships were only established if the IP interface for OSPF
was added first in the configuration. Now, OSPF establishes neighbour
relationships regardless of the IP Multihomed interface configuration order.
The FLASH compaction process is now transparent to the file edition
process. The FLASH system is now more stable.
Address learning on the mirror port is now correctly re-enabled when it is
no longer the mirror port.
New commands have been added to enable the addition and deletion of
static multicast addresses to and from the multicast forwarding table. The
new commands are:
ADD SWITCH MULTICASTADDRESS IP=ipadd VLAN=vlan-id
PORT=port-list
DELETE SWITCH MULTICASTADDRESS IP=ipadd VLAN=vlan-id
When the SET IP ROUTE command was executed to change any parameter
other than METRIC1, which is the RIP metric, the RIP metric was reset to 1.
This metric is now only updated if a value for the parameter is specified.
When the system time was set to a time that was before or significantly after
the current time, Firewall sessions were prematurely deleted. This issue has
been resolved.
When the PPP ONLINELIMIT was exceeded for PPP over TDM, the PPP
link stayed open, allowing Link Quality Report (LQR) packets to be
transmitted. This caused the ifOutOctets counter to increment. Now, if the
ONLINELIMIT is exceeded, the link will close.
Entering 63 for the EPORT parameter in the ADD SWITCH L3FILTER
command caused a fatal error. This parameter now accepts the values 63
and 64.
The SHOW VRRP command now shows the number of trigger activations
for the Upmaster and Downmaster triggers.
After a prune lifetime had expired, the interface was not joined back to the
DVMRP multicast delivery tree. This issue has been resolved.
PCR: 02359 Module: IPG Network affecting: No
PCR: 02363 Module: FFS, FILE, TTY Network affecting: No
PCR: 02365 Module: SWI Network affecting: No
PCR: 02367 Module: SWI Network affecting: No
PCR: 02369 Module: IPG Network affecting: No
PCR: 02371 Module: FIREWALL Network affecting: No
PCR: 02376 Module: PPP Network affecting: No
PCR: 02378 Module: SWI Network affecting: No
PCR: 02395 Module: VRRP, TRG Network affecting: No
PCR: 02397 Module: DVMRP Network affecting: No
Patch 86241-06 For Rapier Switches 19
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
The following issues have been resolved:
• It was possible to assign the same network on different IPV6 interfaces
• The loopback address was being added to other interfaces
• The tunnel configuration was not showing correctly in IPV6
configuration commands
RIPv6 now sets the metric of routes for interfaces that are DOWN to 16, and
immediately sends responses when the link status of VLAN interfaces
changes.
The Trace utility has been modified. Previously, Trace sent a group of
packets at once and waited for multiple responses in order to assess the
minimum, maximum and average time to cover a certain "hop distance"
towards the target host. Now Trace sends each packet in each group
individually, and waits either for a response or a time-out before sending
the next packet in the group.
Neighbour discovery and PIM6 caused a fatal error when IPv6 was not
enabled, or when the IPv6 feature license was not present. This issue has
been resolved.
SNMP MIB support has been enhanced for CPU utilisation and file
statistics.MIBsupport has beenaddedfor Allied Telesyncontact details and
fast buffers.
A watchdog timeout occurred when the command ENABLE STP PORT was
executed. This issue has been resolved.
A Router-Alert option has been added. Also, the SHOW IPV6 MLD
INTERFACE command now works correctly.
A warning now appears when the DELETE IP INTERFACE command is
executed before the DELETE DVMRP INTERFACE command.
VRRP pre-empt mode was not working with advertisement updates of 1
second or more because this did not allow for interface starttime on startup.
Now a check is made to verify that interfaces are UP before timers are
started.
The SHOW TCP command was not showing the listening status for IPv6.
PCR: 02398 Module: IPV6 Network affecting: No
PCR: 02399 Module: TRACE Network affecting: No
PCR: 02401 Module: IPV6 Network affecting: No
PCR: 02402 Module: SNMP, CORE, SHOW,
FILE Network affecting: No
PCR: 02403 Module: STP Network affecting: No
PCR: 02406 Module: IPV6 Network affecting: No
PCR: 02409 Module: IPG Network affecting: No
PCR: 02410 Module: VRRP Network affecting: No
PCR: 02411 Module: IPV6 Network affecting: No
20 Patch Release Note
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
An ISDN call was activated by IPv6 Router Advertisements over IPv6
tunnel interfaces. This issue has been resolved.
Packets with a RIP source address and next hop address that are not on the
same subnet as the interface will now be processed. If the received next hop
is not on the same subnet, it is treated as 0.0.0.0.
ICMPv6was returninganerrorfornon-zerofragment offsets. Thisissue has
been resolved.
The GUI was incorrectly accepting multiple entries for VLANs. This issue
has been resolved.
The GUI was returning incorrect GARP counters. This issue has been
resolved.
Link-local address behaviour was incorrect. Also, the PUBLISH parameter
was not updated by the SET IPV6 INTERFACE command, or displayed in
the SHOW IPV6 INTERFACE command. These issues have been resolved.
Large local packets were not being fragmented. Also, the More Fragment
flag in the IPv6 fragment header was not being set correctly. These issues
have been resolved.
Received Router Advertisements (RAs) were discarded when the interface
was enabled to send RAs. This issue has been resolved.
The IPv6 priority filter was not matching correctly when TCP was specified
as the protocol type. This issue has been resolved.
Multicast multi-homing was not working correctly. This issue has been
resolved.
PCR: 02412 Module: IPV6 Network affecting: No
PCR: 02415 Module: IPG Network affecting: No
PCR: 02418 Module: IPV6 Network affecting: No
PCR: 02421 Module: PIM Network affecting: No
PCR: 02422 Module: GARP Network affecting: No
PCR: 02428 Module: IPV6 Network affecting: No
PCR: 02450 Module: IPV6 Network affecting: No
PCR: 02452 Module: IPv6 Network affecting: No
PCR: 02457 Module: IPV6 Network affecting: No
PCR: 02463 Module: DVMRP, IPG Network affecting: No
Other Allied Telesis Software manuals
Allied Telesis
Allied Telesis AT-8600 Series Instruction Manual
Allied Telesis
Allied Telesis AT-8000S Series User manual
Allied Telesis
Allied Telesis AR4155 Instruction Manual
Allied Telesis
Allied Telesis AR44xS Instruction Manual
Allied Telesis
Allied Telesis 86251-05 Instruction Manual
Allied Telesis
Allied Telesis SNMP Rel. 2.0.0 User manual
Allied Telesis
Allied Telesis 86241-02 Instruction Manual
Allied Telesis
Allied Telesis SwitchBlade AT-AR440S User manual
Allied Telesis
Allied Telesis AT-GS950/8 User manual
Allied Telesis
Allied Telesis AT-S95 User manual
Allied Telesis
Allied Telesis AT-9400 User manual
Allied Telesis
Allied Telesis WebSmart AT-FS750/16 How to use
Allied Telesis
Allied Telesis SwitchBlade AT-AR440S User manual
Allied Telesis
Allied Telesis AR770S Installation guide
Allied Telesis
Allied Telesis AT-S67 User manual
Allied Telesis
Allied Telesis AR44xS Instruction Manual
Allied Telesis
Allied Telesis AT-S80 User manual
Allied Telesis
Allied Telesis SB251-08 Instruction Manual
Allied Telesis
Allied Telesis AT-8600 Series User manual
Allied Telesis
Allied Telesis AR441S How to use
Popular Software manuals by other brands
Nortel
Nortel Web Center Portal Installation and administration guide
Alcatel
Alcatel OmniTouch ACS 7.1.4 Site preparation guide
Dell
Dell PowerEdge UPS 500T user guide
Blackbe;rry
Blackbe;rry YAHOO! MESSENGER FOR SMARTPHONES user guide
Canon
Canon ELURA 100 - Camcorder - 1.3 MP instruction manual
Samsung
Samsung EASYGSM GH68-60751A owner's manual
Nokia
Nokia 6340i - Cell Phone - AMPS user guide
Optica
Optica Video Storage Server user manual
HP
HP NonStop SQL/MX Messages manual
ESET
ESET MAIL SECURITY - FOR LINUX BSD AND SOLARIS installation manual
ScanSoft
ScanSoft PDF CONVERTER 2 FOR MICROSOFT WORD Quick reference guide
AVIRA
AVIRA ANTIVIR SERVER UNIX user manual